If you genuinely have *that* many accounts on your *NIX system, then/etc/passwd should probably be almost empty and consist of system accounts only. The user accounts would be much better and securely stored on a dedicated system running a directory/authentication service like an LDAP setup. It might have helped AOL avoid this too, since only a very limited number of people would need access to the entire database if the schema was done right.
No, *that's* not the problem either. How much do you think the dirtbags that host send-safe.com's DNS (RTComm in Russia) and their website (UUNet in the USA) get for turning a blind eye? I notice that www.send-safe.com appears to have been slashdotted of the Internet, but perhaps we should try the same for UUNet's abuse email as we let them know our feelings about their continued support for spammers?
Having known it was a setup, this would have been a great opportunity to spin things back on the hosts and have some fun.
Unfortunately, as Lauren stated in the article, the show was being taped and not going out live. While it was certainly possible to spend an evening having some fun, the likely outcome would be that the section was simply dropped. Alternatively, if the asshats running the show were suitably vindictive about it (and it is *MTV* remember), then they could have done some highly creative editing and aired the segment anyway.
There have been countless instances where people have been made out to be completely different to reality through rightspeak, propaganda, spin or whatever the latest buzzword is... I think Lauren made the right call by simply telling them to stick it and then trying to warn off as many people as possible - going on the show under false pretences would kind of be like the pot calling the kettle black, would it not?
Yes, you read that right, over 4600 spyware programs.
Yes, but Ad-Aware, Spybot S&D and most other spyware removal tools would have counted a cookie from an ad bureau as a "program" in your quote above. While I wouldn't class a cookie as a program, they do enable large scale information gathering and hopefully will get explicitly covered by the wording of the legislation to avoid any loopholes. And on the subject of wording, the phrase the legislators need to remember is "failure to have the opt-in checkbox off by default is a breach of the legislation".
Whether it'll be effective or not is a different matter of course, but at least it should be a little easier to track down the infringers of this legislation than those of U-CAN-SPAM.
Have a look around for screen shots of SAP running via a web interface. While it can be a little clunky in places, when properly implemented it can be every bit as rich as.NET/GTK/Qt based applications. It's doable, but the hardware requirements for the backend can be horrendous if you have a lot of users - in my case a pair of Sun E12Ks with 32 CPUs and a boatload of RAM and HDDs in each.
Easy to rebuild - remove dead drive, install new one
Budget... Ah. Why is it *every* "Ask Slashdot" never mentions the budget?
On the cheap, you could do simple mirroring RAID1 - most mobos with on-board SATA RAID will do this for you. The overhead is that you pay twice as much per GB because you obviously need two drives and the performance gains are negligable.
Personally, I'd take the more expensive route; get a proper hardware RAID controller with proper RAID management software. There are 4 port SATA RAID controllers (who *really* still needs SCSI for home use?) for a few hundred dollars and do full RAID5. You lose one drive for the parity info, but that could be as little as 25% of your total capacity if you get four drives instead of the the minimum RAID5 requirement of three drives.
Also, with a proper hardware RAID controller, you should also get a performance boost from use of RAID and have minimal CPU overhead. Get four of Seagate's new 400GB drives and you'll have over a TB of disk space, which should give you some bragging rights for a months or two before it's old hat.:)
Re:Oh no, not more features that look like faces!
on
Phoebe Pictures Released
·
· Score: 4, Interesting
Life immitated art. The unusual colouration was known about for a long while - Cassini himself observed it when the moon seemed to "disappear" - and is a reason why Clark chose Iapetus for the location of the monolith. However, while the novel was written in the late 1960s, the anomaly in the pale surface was only detected by the Voyager flybys. There is a comment about the "black dot" in the foreward of one of the sequels, I forget which one, but Clark received a photo of the anomaly from NASA with the comment "Thinking of you..." or words to that effect.
Re:Oh no, not more features that look like faces!
on
Phoebe Pictures Released
·
· Score: 5, Informative
Not yet... The real wackos will be eagerly waiting for the pictures of monolith shaped objects, ideally on Iapetus.
Not only is Iapetus one of the moons actually discovered by Cassini (in 1671), but it has one black hemisphere and one white hemisphere. It is thought that dust accumulated from Pheobe is responsible for the coating on the darker hemisphere. Intriguingly, there is also a small black dot in the middle of the white hemisphere, exactly as described in 2001 (the book, not the film)...
You'd think, but didn't SuSE get a restraining order or something on SCO last year? I'm wondering if McDonalds has been planning on moving to Linux globally for a while and didn't want to wait until SCO is toast before proceeding. A SCO hostile court system in Germany that has already ruled in SuSE's favour would make the country an ideal place to run the Linux trial while providing some protection from SCO. Very clever of McDonalds...
All major MTAs, if not all MTAs period, allow the identifier given on HELO/EHLO command to be independent of the hostname (and NetBIOS name if applicable). It's just a string afterall. If you are NATing through a firewall, then your SMTP connections will appear to be coming from the firewall's IP. So, provided that you set the MTA to identify itself with whatever the RDNS entry of the firewall is, then even the most draconian of RFC compliance Nazi's will have no cause for complaint.
Inbound is a different kettle of fish. If you are NATing the IP before it hits your MTA then you are heavily restricted in what you can do with the HELO/EHLO. If external DNS resolution is available to the MTA, then you can still use FQDN checks and reject on hostname (assuming they are not proxied by the firewall too). What you can't do is see if the IP matches the FQDN, because the connecting IP will be the firewall's internal IP and obviously won't match.
Whether it's a "bad idea" or not is down to your personal circumstances - it's certainly not going to magically fix your entire spam problem, and in some cases will probably cause far more problems with legit email. However, provided that you are not over zealous with the filtering, then it's only unfriendly to people who spam and people who could probably do with a little more education on configuring their MTA. I guess it depends on which group you feel the strongest about, but you could always compromise and provide a helpful message about *why* the connection was refused.
I'm not too sure what the original poster is doing from the description, but I reject some connections based on HELO/EHLO too, so I can tell you how what I do works. But firstly, since you say that you don't know the details of SMTP, let's clarify what HELO/EHLO do:
When host connects to an SMTP server in order to send it an email, it will receive a banner back which may include the string "ESMTP". If it does then the remote SMTP server supports an enhanced version of SMTP with additional features, "ESMTP". If the host also understands ESMTP, then it should respond with an "EHLO" command. If the host does not understand ESMTP, or the string is not present in the banner, then the host will respond with the "HELO" command defined in the original SMTP RFC to use the simpler set of SMTP commands.
In either case, "HELO" or "EHLO", the host should also tell the server its host name, viz:
EHLO host.company.com
Ideally, "host.company.com" will also have a valid reverse DNS record which will match the IP connecting to the SMTP server. However, the SMTP RFCs do not actually *require* that this is the case, nor for that matter that the hostname is provided at all. Frequently the hostname will be given, but will not be a valid fully qualified domain name on the Internet. So, depending on how draconian you want to be, there are a number of options for rejecting the connection before any data is sent:
No hostname after HELO/EHLO
Hostname given is just a host, not an FQDN
Host domain name given does not appear to exist in DNS
FQDN given does not have RDNS record
FQDN given has RDNS record, but it does not match the IP connected
Using any or all of those will certainly reduce your spam intake, but may also cause legitimate email to be rejected, as usual YMMV as to how much. One thing to watch for if considering this though is that a *lot* of legitimate Windows boxes, including some operated by ISPs, seem to have been configured so that they provide their NetBIOS name when they HELO/EHLO, all but the first check listed above would refuse the conection from such a server.
The soon-to-be-released Spamassassin 3.0 will have the URIBL_SBL test.
It's due out around the end June, assuming no major glitches in the code, etc. I've been testing the URIBL_SBL rules with the current version, and after a little messing around to get it working have found that it works very well indeed. It's definitely worth looking at the upgrade if you are currently running a vanilla version of SpamAssassin. IIRC, version 3.0 will also be adding support for Spamhaus' XBL list, which lists the hosts that the article is about; those that have been demonstrably compromised by a worm or trojan.
I did mean to mention StarOffice in the original post - see my follow up a few minutes later (it'd have been quicker were it not for getting caught by the two minute post thing).
I've actually just done some digging on that - Sun open sourced StarOffice v5.2 in July 2000, having acquired StarDivision in April 1999. Let's not forget though, that corporates are supposed to pay for their copies of the program; the source might be open, but it's not entirely free.
I just can't bring myself to have faith in Sun's intentions regarding OSS in general, not just Linux. For every action they seem to make that supports the OSS community, they go and do something to counter it like footsie with Microsoft or SCO. For every comment they make that supports OSS, they seem to come out with another like the "viral" reference in the discussion about open sourcing Java. And we all know how much Microsoft likes to use "viral" and "GPL" together in that context.
Personally, I think Sun is just trying to be cautious - it does have a responsibility to its shareholders after all. The problem is, that sitting on the fence and playing lip service to both camps isn't doing it too many favours either. There is FUD in the OSS community about what Sun's real intentions are, and meanwhile they are still seeing their customers trickling away to either Linux or Microsoft. I'd like to see some commitment from Sun about which way it's going to head, but until then I probably won't be recommending Sun as the preferred platform for a solution.
Oops. I must have had overwrite on or something and deleted a bit about StarOffice after the comment on Java. The last line of the first paragraph *should* have been: "Apart from providing a language (Java) used by many OSS projects and open sourcing StarOffice some years ago, what grand gesture *has* Sun made for OSS?
I haven't had much of a reason to think that Sun is on "our side" when it comes to open source software.
I got into a Monty Python-esque "What have the Romans done for us?" style discussion about this a few days ago, only the question was "What has $NON_OSS_SPECIFIC_MAJOR_CORPORATE done for OSS?" instead. IBM and Novell are no brainers obviously, we even made a good case for Corel, but Sun stopped us dead. Sure, they've made contributions to various projects, but so have pretty much all companies working with OSS code - it's kind of a given. Apart from providing a language (Java) used by many OSS projects, what grand gesture *has* Sun made for OSS?
Is it simply that we over looked something and Sun perhaps needs to do its self promotion a little better? Or is it merely that Sun is merely playing lip service to OSS in an effort to keep what it perceives as its friends close and its enemies closer?
I have a Draytek Vigor 2600 series DSL router and use the the onboard firewall (I think it's IPF) to actually redirect the traffic onto the LAN with the bogus MAC. The traffic is then directed to a dedicated port and VLAN on my Cisco switch via the IOS config, keeping aberrant traffic as far away from other traffic as I can. The only other device on the VLAN is my old Toshiba which is, by default running IP less.
The Tecra is currently running Fedora Core 1 with IPTables enabled and a bunch of IDS and traffic capture tools installed. Finally, I have modified numerous scripts to seamlessly enable and disable IP on the box if I want to run the Honeypot or anything else that requires a real IP address - I have enough IPs that I don't need to bother with NAT. There is also some basic checking in place to make sure if I run two scripts that would bring up the IP interface then shut the first down, it doesn't bring down the IP interface with it.
I like the idea, and wish I had the corporate status to consider an implementation at my company.
You don't need to be a big company to do this, just a little savvy and a DSL line. I've been doing like this for a while with my DSL router's firewall which has a feature to copy any traffic matched by a rule to the LAN with the target set to an arbitrary MAC address. I have it setup so that any traffic targetted at my unused IPs gets directed to a bogus MAC on the LAN where it gets directed by my switch to be captured by an old laptop. With the flick of a few config files, I can get a honeypot running too, so I can get a little more than the initial "SYN" of TCP sessions.
You get some fascinating stuff. My IP space is a few class B's away from some allocated to S. Korea, and a few months ago I saw someone testing a worm exploiting MS-DS in real time. The scriptkiddie had obviously made a typo, because instead of port 445 the traffic was hitting 455, but the traffic was clearly trying to cause use a known buffer overflow and was coming from a dozen or so IPs all within a single ISP.
Unfortunately, the email I sent to the ISP's NOC listing the source IPs didn't get acted on in time. After about an hour the guy must have corrected the error and the traffic switched to port 445 and the number of source IPs started to grow... I never did find out precisely which one of the many, many, MS-DS exploits circulating at the time this one was though.:(
True, the EOS-10D doesn't have a true spot meter, but it does have a "Partial Metering" mode at the center of the lens which covers 9% of the viewfinder area. You can work around the problem by the following process: focus on and meter your target, half depress the shutter, recompose and shoot. It can be a pain at times, but it works well enough for most things, but I'd still like a true spot meter...
I suspect Brown simply didn't know enough to be able to differentiate between the two.
This is a surprise? Hell, most of the people who work with FOSS on a daily basis can't agree on whether to use "GNU/Linux" or just "Linux" and whether that means an entire distro or just the kernel. What possible hope has a shill-for-hire layperson who can't be bothered to do research like Ken Brown got?
Already here - it's called the Leaf/Valeo (and yes, that is an iPAQ hanging off the side). It uses a 10GB CF magazine anyway, whether it's actually a RAID or not I've not been able to ascertain.
First you take a standard, two dimensional, crossword. Then you stack a bunch of other 2D crosswords underneath it so that there are also some clues that run vertically down through two or more of the stacked pages. You now have a 3D crossword. Finally, since the fourth dimension is "time", you change all the clues and answers if the poor bastard doing the crossword can't solve it quickly enough...:)
It can happen both ways. Many of the manufacturers of horse drawn carriages saw the horseless carriage as a fad, but only a relative few realised the truth in time to start making coachware for early cars. Even so, very few of those survive today and most of those that do have long since been swallowed whole by auto manufacturers. On the other side of the coin, you need look no further than the Road to Damascus style revelation experienced about the Internet by Bill Gates. One huge cash infusion later and MS all but owns the Internet facing desktop.
But having realised its oversight, even Microsoft relied on getting a product out of the door instead of running to the lawyers to protect it. The entrenched telcos seem far more like the RIAA/MPAA to me; they have this new fangled competitor looming on the horizon and instead of pouring money into R&D are pouring it into the legal department and campaign contributions instead. Only time will tell of course, but I'm not betting on either set of dinosaurs.
I think game design companies charge way too much for a product, which is not neccesarily a corruption, but a misunderstanding of market forces. They feel they have to correct for piracy by charging $50/game, when in fact, there would be a lot more copies sold if they offered the same product for half. But then, that's been said for years.
It's been said for years, but it's still a fallacy. The amount of research that goes into determining the optimal sales price for any product is phenomonal, and by "optimal" I mean of course the one with the largest amount of profits. It's a classic bell curve - low margin = high sales and high margin = low sales, but in between is the sweet spot where item profit x sales yields that largest value.
That's a slight over simplification of course - there are savings to be had in production by physically having a higher yield, and there is also the "prestige" factor where limited numbers can work in your favour - luxury cars and "in demand" products like the latest CPU for example. Sure, almost all customers would prefer to be paying less, but pricing is all about getting the price set that enough of them will pay anyway to maximise the profits.
"Akamai problems. Quiet, well kinda quiet, day on the Internet Update (Mon. May 24th 9 am EST, 13:00 UTC, 15:00 CEST)
It appears that websites that use Akamai's distribution system are currently not reachable. Security related web sites effected are symantec.com and trendmicro.com. Virus updates may fail as a result. Further details are currently not available and updates will be posted here as they become available. Thanks to Vidar Wilkens for alerting us of this problem.
According to a post to NANOG, the outage may be the result of a DDOS attack. At this point, Akamai has not ETA for a resolution.
Update 09:45 EST: Looks like some of the Akamai hosted sites start to come back."
Slashdot Mirror
If you genuinely have *that* many accounts on your *NIX system, then /etc/passwd should probably be almost empty and consist of system accounts only. The user accounts would be much better and securely stored on a dedicated system running a directory/authentication service like an LDAP setup. It might have helped AOL avoid this too, since only a very limited number of people would need access to the entire database if the schema was done right.
No, *that's* not the problem either. How much do you think the dirtbags that host send-safe.com's DNS (RTComm in Russia) and their website (UUNet in the USA) get for turning a blind eye? I notice that www.send-safe.com appears to have been slashdotted of the Internet, but perhaps we should try the same for UUNet's abuse email as we let them know our feelings about their continued support for spammers?
Unfortunately, as Lauren stated in the article, the show was being taped and not going out live. While it was certainly possible to spend an evening having some fun, the likely outcome would be that the section was simply dropped. Alternatively, if the asshats running the show were suitably vindictive about it (and it is *MTV* remember), then they could have done some highly creative editing and aired the segment anyway.
There have been countless instances where people have been made out to be completely different to reality through rightspeak, propaganda, spin or whatever the latest buzzword is... I think Lauren made the right call by simply telling them to stick it and then trying to warn off as many people as possible - going on the show under false pretences would kind of be like the pot calling the kettle black, would it not?
Yes, but Ad-Aware, Spybot S&D and most other spyware removal tools would have counted a cookie from an ad bureau as a "program" in your quote above. While I wouldn't class a cookie as a program, they do enable large scale information gathering and hopefully will get explicitly covered by the wording of the legislation to avoid any loopholes. And on the subject of wording, the phrase the legislators need to remember is "failure to have the opt-in checkbox off by default is a breach of the legislation".
Whether it'll be effective or not is a different matter of course, but at least it should be a little easier to track down the infringers of this legislation than those of U-CAN-SPAM.
Have a look around for screen shots of SAP running via a web interface. While it can be a little clunky in places, when properly implemented it can be every bit as rich as .NET/GTK/Qt based applications. It's doable, but the hardware requirements for the backend can be horrendous if you have a lot of users - in my case a pair of Sun E12Ks with 32 CPUs and a boatload of RAM and HDDs in each.
It's for home use
No data loss if a drive dies
Easy to rebuild - remove dead drive, install new one
Budget... Ah. Why is it *every* "Ask Slashdot" never mentions the budget? On the cheap, you could do simple mirroring RAID1 - most mobos with on-board SATA RAID will do this for you. The overhead is that you pay twice as much per GB because you obviously need two drives and the performance gains are negligable.
Personally, I'd take the more expensive route; get a proper hardware RAID controller with proper RAID management software. There are 4 port SATA RAID controllers (who *really* still needs SCSI for home use?) for a few hundred dollars and do full RAID5. You lose one drive for the parity info, but that could be as little as 25% of your total capacity if you get four drives instead of the the minimum RAID5 requirement of three drives.
Also, with a proper hardware RAID controller, you should also get a performance boost from use of RAID and have minimal CPU overhead. Get four of Seagate's new 400GB drives and you'll have over a TB of disk space, which should give you some bragging rights for a months or two before it's old hat. :)
Life immitated art. The unusual colouration was known about for a long while - Cassini himself observed it when the moon seemed to "disappear" - and is a reason why Clark chose Iapetus for the location of the monolith. However, while the novel was written in the late 1960s, the anomaly in the pale surface was only detected by the Voyager flybys. There is a comment about the "black dot" in the foreward of one of the sequels, I forget which one, but Clark received a photo of the anomaly from NASA with the comment "Thinking of you..." or words to that effect.
Not only is Iapetus one of the moons actually discovered by Cassini (in 1671), but it has one black hemisphere and one white hemisphere. It is thought that dust accumulated from Pheobe is responsible for the coating on the darker hemisphere. Intriguingly, there is also a small black dot in the middle of the white hemisphere, exactly as described in 2001 (the book, not the film)...
You'd think, but didn't SuSE get a restraining order or something on SCO last year? I'm wondering if McDonalds has been planning on moving to Linux globally for a while and didn't want to wait until SCO is toast before proceeding. A SCO hostile court system in Germany that has already ruled in SuSE's favour would make the country an ideal place to run the Linux trial while providing some protection from SCO. Very clever of McDonalds...
Inbound is a different kettle of fish. If you are NATing the IP before it hits your MTA then you are heavily restricted in what you can do with the HELO/EHLO. If external DNS resolution is available to the MTA, then you can still use FQDN checks and reject on hostname (assuming they are not proxied by the firewall too). What you can't do is see if the IP matches the FQDN, because the connecting IP will be the firewall's internal IP and obviously won't match.
Whether it's a "bad idea" or not is down to your personal circumstances - it's certainly not going to magically fix your entire spam problem, and in some cases will probably cause far more problems with legit email. However, provided that you are not over zealous with the filtering, then it's only unfriendly to people who spam and people who could probably do with a little more education on configuring their MTA. I guess it depends on which group you feel the strongest about, but you could always compromise and provide a helpful message about *why* the connection was refused.
When host connects to an SMTP server in order to send it an email, it will receive a banner back which may include the string "ESMTP". If it does then the remote SMTP server supports an enhanced version of SMTP with additional features, "ESMTP". If the host also understands ESMTP, then it should respond with an "EHLO" command. If the host does not understand ESMTP, or the string is not present in the banner, then the host will respond with the "HELO" command defined in the original SMTP RFC to use the simpler set of SMTP commands.
In either case, "HELO" or "EHLO", the host should also tell the server its host name, viz:
Ideally, "host.company.com" will also have a valid reverse DNS record which will match the IP connecting to the SMTP server. However, the SMTP RFCs do not actually *require* that this is the case, nor for that matter that the hostname is provided at all. Frequently the hostname will be given, but will not be a valid fully qualified domain name on the Internet. So, depending on how draconian you want to be, there are a number of options for rejecting the connection before any data is sent:- No hostname after HELO/EHLO
- Hostname given is just a host, not an FQDN
- Host domain name given does not appear to exist in DNS
- FQDN given does not have RDNS record
- FQDN given has RDNS record, but it does not match the IP connected
Using any or all of those will certainly reduce your spam intake, but may also cause legitimate email to be rejected, as usual YMMV as to how much. One thing to watch for if considering this though is that a *lot* of legitimate Windows boxes, including some operated by ISPs, seem to have been configured so that they provide their NetBIOS name when they HELO/EHLO, all but the first check listed above would refuse the conection from such a server.It's due out around the end June, assuming no major glitches in the code, etc. I've been testing the URIBL_SBL rules with the current version, and after a little messing around to get it working have found that it works very well indeed. It's definitely worth looking at the upgrade if you are currently running a vanilla version of SpamAssassin. IIRC, version 3.0 will also be adding support for Spamhaus' XBL list, which lists the hosts that the article is about; those that have been demonstrably compromised by a worm or trojan.
I've actually just done some digging on that - Sun open sourced StarOffice v5.2 in July 2000, having acquired StarDivision in April 1999. Let's not forget though, that corporates are supposed to pay for their copies of the program; the source might be open, but it's not entirely free.
I just can't bring myself to have faith in Sun's intentions regarding OSS in general, not just Linux. For every action they seem to make that supports the OSS community, they go and do something to counter it like footsie with Microsoft or SCO. For every comment they make that supports OSS, they seem to come out with another like the "viral" reference in the discussion about open sourcing Java. And we all know how much Microsoft likes to use "viral" and "GPL" together in that context.
Personally, I think Sun is just trying to be cautious - it does have a responsibility to its shareholders after all. The problem is, that sitting on the fence and playing lip service to both camps isn't doing it too many favours either. There is FUD in the OSS community about what Sun's real intentions are, and meanwhile they are still seeing their customers trickling away to either Linux or Microsoft. I'd like to see some commitment from Sun about which way it's going to head, but until then I probably won't be recommending Sun as the preferred platform for a solution.
I got into a Monty Python-esque "What have the Romans done for us?" style discussion about this a few days ago, only the question was "What has $NON_OSS_SPECIFIC_MAJOR_CORPORATE done for OSS?" instead. IBM and Novell are no brainers obviously, we even made a good case for Corel, but Sun stopped us dead. Sure, they've made contributions to various projects, but so have pretty much all companies working with OSS code - it's kind of a given. Apart from providing a language (Java) used by many OSS projects, what grand gesture *has* Sun made for OSS?
Is it simply that we over looked something and Sun perhaps needs to do its self promotion a little better? Or is it merely that Sun is merely playing lip service to OSS in an effort to keep what it perceives as its friends close and its enemies closer?
The Tecra is currently running Fedora Core 1 with IPTables enabled and a bunch of IDS and traffic capture tools installed. Finally, I have modified numerous scripts to seamlessly enable and disable IP on the box if I want to run the Honeypot or anything else that requires a real IP address - I have enough IPs that I don't need to bother with NAT. There is also some basic checking in place to make sure if I run two scripts that would bring up the IP interface then shut the first down, it doesn't bring down the IP interface with it.
You don't need to be a big company to do this, just a little savvy and a DSL line. I've been doing like this for a while with my DSL router's firewall which has a feature to copy any traffic matched by a rule to the LAN with the target set to an arbitrary MAC address. I have it setup so that any traffic targetted at my unused IPs gets directed to a bogus MAC on the LAN where it gets directed by my switch to be captured by an old laptop. With the flick of a few config files, I can get a honeypot running too, so I can get a little more than the initial "SYN" of TCP sessions.
You get some fascinating stuff. My IP space is a few class B's away from some allocated to S. Korea, and a few months ago I saw someone testing a worm exploiting MS-DS in real time. The scriptkiddie had obviously made a typo, because instead of port 445 the traffic was hitting 455, but the traffic was clearly trying to cause use a known buffer overflow and was coming from a dozen or so IPs all within a single ISP.
Unfortunately, the email I sent to the ISP's NOC listing the source IPs didn't get acted on in time. After about an hour the guy must have corrected the error and the traffic switched to port 445 and the number of source IPs started to grow... I never did find out precisely which one of the many, many, MS-DS exploits circulating at the time this one was though. :(
True, the EOS-10D doesn't have a true spot meter, but it does have a "Partial Metering" mode at the center of the lens which covers 9% of the viewfinder area. You can work around the problem by the following process: focus on and meter your target, half depress the shutter, recompose and shoot. It can be a pain at times, but it works well enough for most things, but I'd still like a true spot meter...
This is a surprise? Hell, most of the people who work with FOSS on a daily basis can't agree on whether to use "GNU/Linux" or just "Linux" and whether that means an entire distro or just the kernel. What possible hope has a shill-for-hire layperson who can't be bothered to do research like Ken Brown got?
Already here - it's called the Leaf/Valeo (and yes, that is an iPAQ hanging off the side). It uses a 10GB CF magazine anyway, whether it's actually a RAID or not I've not been able to ascertain.
First you take a standard, two dimensional, crossword. Then you stack a bunch of other 2D crosswords underneath it so that there are also some clues that run vertically down through two or more of the stacked pages. You now have a 3D crossword. Finally, since the fourth dimension is "time", you change all the clues and answers if the poor bastard doing the crossword can't solve it quickly enough... :)
But having realised its oversight, even Microsoft relied on getting a product out of the door instead of running to the lawyers to protect it. The entrenched telcos seem far more like the RIAA/MPAA to me; they have this new fangled competitor looming on the horizon and instead of pouring money into R&D are pouring it into the legal department and campaign contributions instead. Only time will tell of course, but I'm not betting on either set of dinosaurs.
It's been said for years, but it's still a fallacy. The amount of research that goes into determining the optimal sales price for any product is phenomonal, and by "optimal" I mean of course the one with the largest amount of profits. It's a classic bell curve - low margin = high sales and high margin = low sales, but in between is the sweet spot where item profit x sales yields that largest value.
That's a slight over simplification of course - there are savings to be had in production by physically having a higher yield, and there is also the "prestige" factor where limited numbers can work in your favour - luxury cars and "in demand" products like the latest CPU for example. Sure, almost all customers would prefer to be paying less, but pricing is all about getting the price set that enough of them will pay anyway to maximise the profits.
Well, unless you have a *really* bad latency problem, I don't think that's going to be an issue with a problem on May 24th...
It appears that websites that use Akamai's distribution system are currently not reachable. Security related web sites effected are symantec.com and trendmicro.com. Virus updates may fail as a result. Further details are currently not available and updates will be posted here as they become available. Thanks to Vidar Wilkens for alerting us of this problem.
According to a post to NANOG, the outage may be the result of a DDOS attack. At this point, Akamai has not ETA for a resolution.
Update 09:45 EST: Looks like some of the Akamai hosted sites start to come back."
You gotta love that "Quiet, well kinda quiet". ;)